DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

SC: DHEC notifying clients of personal information breach

Posted on April 23, 2010 by Dissent

Previous coverage on this breach can be found here and here.

The S.C. Department of Health and Environmental Control continues to notify clients whose personal information was included on improperly discarded DHEC documents, the agency reported today.

“We’ve already mailed letters to individuals, but we don’t have complete mailing addresses for a small number of the clients,” DHEC Commissioner Earl Hunter said. “While we work to gather this information, the Health Insurance Portability and Accountability Act (HIPAA) of 1996 requires us to issue a broad notification to the affected area.”

According to Hunter, private information of more than 1,800 people was included on DHEC documents that were discovered by a third party in a public, paper recycling container behind the DHEC building on Bull Street in Columbia. This third party gave the documents to another person, who returned them to DHEC.

“Agency policy requires that documents containing personal identifying information must be disposed of by shredding. Since these documents were not shredded according to agency policy, we requested that the State Law Enforcement Division (SLED) investigate this matter,” Hunter said. “During interviews with SLED, an employee admitted placing the documents into the recycling bin instead of taking them to the DHEC shredding facility. We immediately terminated this individual’s employment.

“We also reviewed our policies and procedures, and emphasized to staff their obligations to keep this information confidential. We now require tracking of documents until shredding has been completed,” Hunter said. “We take very seriously our responsibility to protect the confidentiality of personal and medical information about our clients and members of the public.”

Hunter said the documents from the recycling container include patient information submitted to DHEC to determine eligibility for payment by three agency programs to private health care providers. These three programs include: the Best Chance Network program for breast and cervical cancer screenings, the SCOPE (Screening Colonoscopies on People Everywhere) program for colorectal screenings, and other screenings through the WISEWOMAN (Well-Integrated Screening and Evaluation for Women Across the Nation) program. Private health care providers submitted most of the information to DHEC between Jan. 8 and Feb. 17, 2010.

The information submitted to DHEC varied according to the type of program. It might have included: name; address; telephone number; date of birth; gender; race; type of appointment; income level; Social Security number; a brief medical history related to breast or cervical cancer screenings, colorectal cancer risks, or heart disease risk; blood pressure; weight and height; radiology reports, laboratory reports, results of colorectal screenings; bills for program-paid services; and/or the physician’s name.

“We’ve notified 1,824 individuals whose information was returned to the agency from the recycling container. This notification was provided by a letter sent to the individual’s address as recorded in the agency or obtained from the private providers,” Hunter said. “We’ve also notified 1,026 individuals whose information was submitted to us for processing in these programs during this time period, even though the documents returned to us did not include information about these individuals. Since we can’t be certain that all of the documents have been recovered, it is possible that information about these individuals might also have been improperly placed in the recycling container.

“SLED says it doesn’t appear that this information was used for any criminal purpose, and no charges have been filed against the former employee,” Hunter said. “We’ve notified the three national credit reporting agencies and the S.C. Department of Consumer Affairs of this incident. As required by HIPAA, we’ve also reported this matter to the federal Department of Health and Human Services.”

According to Hunter, individuals who believe they might have had information submitted to one of these programs can contact DHEC at 1-866-859-6045 for more information on this matter and on steps they can take to protect their identity. They can also contact one of the three national credit reporting agencies for more information on how to protect their identity in the event someone has obtained their personal information:

*Equifax: 1-800-525-6285 or 1-888-766-0008; http://www.equifax.com; P.O. Box 740256, Atlanta, GA 30374-0256.

*Experian: 1-888-EXPERIAN (397-3742); http://www.experian.com; email: [email protected].

*TransUnion: 1-800-680-7289; http://www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790; email: [email protected].

Individuals can get a free credit report to see if anyone has tried to get credit using their information by going to the Web page at: https://www.annualcreditreport.com, or by calling 1-877-322-8228, or by completing an Annual Credit Report Request Form and mailing it to: Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA, 30348-5281. Individuals can also contact the S.C. Department of Consumer Affairs at 1-800-922-1594 for information on steps to defend against identity theft.

Source: South Carolina Department of Health and Environmental Control

N.B. As of the time of this posting, this incident is not listed on OCR’s web site for breaches affecting more than 500 individuals.


Related:

  • Two more entities have folded after ransomware attacks
  • Data breach feared after cyberattack on AMEOS hospitals in Germany
  • Premier Health Partners issues a press release about a breach two years ago. Why was this needed now?
  • Theft from Glasgow’s Queen Elizabeth University Hospital sparks probe
  • North Country Healthcare responds to Stormous's claims of a breach
  • Texas Enacts Electronic Health Record Data Localization Law
Category: Health Data

Post navigation

← AU: Anti-ID theft computer system flops
Pub Looking Into Credit Card ‘Processing Error’ →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • PowerSchool commits to strengthened breach measures following engagement with the Privacy Commissioner of Canada
  • Hungarian police arrest suspect in cyberattacks on independent media
  • Two more entities have folded after ransomware attacks
  • British institutions to be banned from paying ransoms to Russian hackers
  • Data breach feared after cyberattack on AMEOS hospitals in Germany
  • Microsoft Releases Urgent Patch for SharePoint RCE Flaw Exploited in Ongoing Cyber Attacks
  • Global hack on Microsoft product hits U.S., state agencies, researchers say
  • Inquiry launched after identities of SAS soldiers leaked in fresh data breach
  • UK sanctions Russian cyber spies accused of facilitating murders
  • Michigan ‘ATM jackpotting’: Florida men allegedly forced machines to dispense $107K

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • British government reportedlu set to back down on secret iCloud backdoor after US pressure
  • Idaho agrees not to prosecute doctors for out-of-state abortion referrals
  • As companies race to add AI, terms of service changes are going to freak a lot of people out. Think twice before granting consent!
  • Uganda orders Google to register as a data-controller within 30 days after landmark privacy ruling
  • Meta investors, Zuckerberg reach settlement to end $8 billion trial over Facebook privacy violations
  • ICE is gaining access to trove of Medicaid records, adding new peril for immigrants
  • Microsoft can’t protect French data from US government access

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.